Simplified instructions for updating an SSL certificate for Tomcat:
Part 1 - Generating the artifacts (.jks, .csr, .cer/.crt)
- Use Java's keytool -genkey program to generate a new private key and store it in a keystore (.jks file)
- This is where you'll be asked for the information that your future Certificate Signing Request (CSR) should contain, such as domain name, company name, city, state, etc.
- Use Java's keytool program to generate a Certificate Signing Request (CSR) referencing the private key created in the previous step.
- Go to the domain registrar's website to purchase the new SSL certificate from the partnering Certificate Authority (CA) and use their web UI to start the activation process.
- During the activation process, you'll be asked to paste the contents of the CSR file created in a previous step. The CA will review this and decide whether or not to issue you an SSL Certificate file (.crt or .cer file).
- Upon approval, you will be emailed the SSL Certificate file and must upload this to the web server.
Part 2 - Installation
- Use Java's keytool -import program to import the SSL Certificate file (.crt or .cer file) into the previously created keystore (.jks file)
- Use Java's keytool -list program to validate the imported certificate
- Modify Tomcat's server.xml to reference the new keystore (.jks file)
- Restart Tomcat and use Digicert's SSL Certificate Checker tool to validate the SSL cert from a third party
- https://www.digicert.com/help/
No comments:
Post a Comment